Debian 10228 Published by

The following updates has been released for Debian GNU/Linux 8 LTS:

DLA 1840-1: golang-go.crypto security update
DLA 1841-1: gpac security update



DLA 1840-1: golang-go.crypto security update




Package : golang-go.crypto
Version : 0.0~hg190-1+deb8u1
CVE ID : CVE-2019-11840

A flaw was found in the amd64 implementation of salsa20. If more
than 256 GiB of keystream is generated, or if the counter otherwise
grows greater than 32 bits, the amd64 implementation will first generate
incorrect output, and then cycle back to previously generated keystream.

For Debian 8 "Jessie", this problem has been fixed in version
0.0~hg190-1+deb8u1.

obfs4proxy has been rebuilt as version 0.0.3-2+deb8u1.

We recommend that you upgrade your golang-golang-x-crypto-dev
and obfs4proxy packages, and rebuild any software using
golang-golang-x-crypto-dev.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1841-1: gpac security update




Package : gpac
Version : 0.5.0+svn5324~dfsg1-1+deb8u4
CVE ID : CVE-2019-12481 CVE-2019-12482 CVE-2019-12483


Three issues have been found for gpac, an Open Source multimedia
framework.
Two of them are NULL pointer dereferences and one of them is a heap-based
buffer overflow.


For Debian 8 "Jessie", these problems have been fixed in version
0.5.0+svn5324~dfsg1-1+deb8u4.

We recommend that you upgrade your gpac packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS